Configuration

Set the property values in the config/auth.php.
These values will be used by entrust to refer to the correct user table and model.

You can also publish the configuration for this package to further customize table names and model namespaces.
Just use php artisan vendor:publish and a entrust.php file will be created in your app/config directory.

User relation to roles

Now generate the Entrust migration:

php artisan entrust:migration

It will generate the <timestamp>_entrust_setup_tables.php migration.
You may now run it with the artisan migrate command:

This will enable the relation with Role and add the following methods roles(), hasRole($name), can($permission), and ability($roles, $permissions, $options) within your User model.

Don't forget to dump composer autoload

composer dump-autoload

And you are ready to go.

Soft Deleting

The default migration takes advantage of onDelete('cascade') clauses within the pivot tables to remove relations when a parent record is deleted. If for some reason you cannot use cascading deletes in your database, the EntrustRole and EntrustPermission classes, and the HasRole trait include event listeners to manually delete records in relevant pivot tables. In the interest of not accidentally deleting data, the event listeners will not delete pivot data if the model uses soft deleting. However, due to limitations in Laravel's event listeners, there is no way to distinguish between a call to delete() versus a call to forceDelete(). For this reason, before you force delete a model, you must manually delete any of the relationship data (unless your pivot tables uses cascading deletes). For example:

$role=Role::findOrFail(1); // Pull back a given role// Regular Delete$role->delete(); // This will work no matter what// Force Delete$role->users()->sync([]); // Delete relationship data$role->perms()->sync([]); // Delete relationship data$role->forceDelete(); // Now force delete will work regardless of whether the pivot table has cascading delete

Usage

Concepts

Let's start by creating the following Roles and Permissions:

$owner=newRole();$owner->name='owner';$owner->display_name='Project Owner'; // optional$owner->description='User is the owner of a given project'; // optional$owner->save();$admin=newRole();$admin->name='admin';$admin->display_name='User Administrator'; // optional$admin->description='User is allowed to manage and edit other users'; // optional$admin->save();

Next, with both roles created let's assign them to the users.
Thanks to the HasRole trait this is as easy as:

$user=User::where('username', '=', 'michele')->first();// role attach alias$user->attachRole($admin); // parameter can be an Role object, array, or id// or eloquent's original technique$user->roles()->attach($admin->id); // id only

Short syntax route filter

To filter a route by permission or role you can call the following in your app/Http/routes.php:

// only users with roles that have the 'manage_posts' permission will be able to access any route within admin/postEntrust::routeNeedsPermission('admin/post*', 'create-post');// only owners will have access to routes within admin/advancedEntrust::routeNeedsRole('admin/advanced*', 'owner');// optionally the second parameter can be an array of permissions or roles// user would need to match all roles or permissions for that routeEntrust::routeNeedsPermission('admin/post*', array('create-post', 'edit-comment'));Entrust::routeNeedsRole('admin/advanced*', array('owner','writer'));

Both of these methods accept a third parameter.
If the third parameter is null then the return of a prohibited access will be App::abort(403), otherwise the third parameter will be returned.
So you can use it like:

Furthermore both of these methods accept a fourth parameter.
It defaults to true and checks all roles/permissions given.
If you set it to false, the function will only fail if all roles/permissions fail for that user.
Useful for admin applications where you want to allow access for multiple groups.

// if a user has 'create-post', 'edit-comment', or both they will have accessEntrust::routeNeedsPermission('admin/post*', array('create-post', 'edit-comment'), null, false);// if a user is a member of 'owner', 'writer', or both they will have accessEntrust::routeNeedsRole('admin/advanced*', array('owner','writer'), null, false);// if a user is a member of 'owner', 'writer', or both, or user has 'create-post', 'edit-comment' they will have access// if the 4th parameter is true then the user must be a member of Role and must have PermissionEntrust::routeNeedsRoleOrPermission('admin/advanced*',array('owner', 'writer'),array('create-post', 'edit-comment'),null,false);

Route filter

Entrust roles/permissions can be used in filters by simply using the can and hasRole methods from within the Facade:

Route::filter('manage_posts', function(){// check the current userif (!Entrust::can('create-post')) {returnRedirect::to('admin'); }});// only users with roles that have the 'manage_posts' permission will be able to access any admin/post routeRoute::when('admin/post*', 'manage_posts');

Using a filter to check for a role:

Route::filter('owner_role', function(){// check the current userif (!Entrust::hasRole('Owner')) {App::abort(403); }});// only owners will have access to routes within admin/advancedRoute::when('admin/advanced*', 'owner_role');

As you can see Entrust::hasRole() and Entrust::can() checks if the user is logged in, and then if he or she has the role or permission.
If the user is not logged the return will also be false.

Then it's likely that the id column in your user table does not match the user_id column in role_user.
Match sure both are INT(10).

When trying to use the EntrustUserTrait methods, you encounter the error which looks like

Class name must be a valid object or a string

then probably you don't have published Entrust assets or something went wrong when you did it.
First of all check that you have the entrust.php file in your app/config directory.
If you don't, then try php artisan vendor:publish and, if it does not appear, manually copy the /vendor/zizaco/entrust/src/config/config.php file in your config directory and rename it entrust.php.

License

Entrust is free software distributed under the terms of the MIT license.